The Division is Ubisoft’s latest game and lets players explore and conduct missions in the destroyed husk of New York City. The latest addition, Falcon Lost, introduced raid-like missions titled “incursions” that give you a challenging experience before you finally face the first boss in order to gain rare loot. Some players couldn’t wait to get the new gear and found a quick way of grabbing it, but now Ubisoft is warning that exploiting bad coding in The Division will get you banned.
Falcon Lost was designed to only drop the rare loot once a week, giving players a week’s break before they could collect the next piece in the set. That was until players found a way to speed-run the incursion in 20 minutes, with a successful loot drop each time. This was done by using two skills, Survivor Link and Mobile Cover, to warp through walls and avoid the triggers that activated key spawns and moments in the incursion, effectively ghosting you through the events.
In a thread titled “Deactivate the incursion already” on The Division’s forums, Community Manager Natchai reminded users that any “exploitation of any new or known issues or bugs is forbidden and may result in account suspension or revocation”. Fans have been less than supportive of this statement, with some saying that if they don’t want people using the bad code, they shouldn’t write it like that.
123-reg, which has around 800,000 customers within the UK and hosts around 1.7 million sites, said that, similar to the hoax, an error was made during “maintenance”, resulting in data from one of their servers being deleted.
The firm issued a statement saying that they were working on “restoring … packages using data recovery tools”, a process that is slow and not always effective, as people noted about the previous hoax. 123-reg has recommended that those with backups of their sites should use them to rebuild their sites, as the company itself didn’t have backups of the customers’ sites.
While the fault is reported to have only affected “67 out of 115,000” servers, it was caused by an automated script. An audit of 123-reg’s scripts is now being conducted and any deletion will now require human approval in the future, something that I’m sure the many companies that have lost business because of this blunder are less than comforted by.
Facebook lets you send money to friends through the Facebook Messenger app at the moment, but you could end up being able to spend money in the Messenger app as well, with news that Messenger could soon support in-store purchases.
The new feature would be included in a variety of updates and new features that could soon be making their way to the Messenger app. As a result details are scarce, but from what we can gather Facebook’s app would let you pay for goods in person, meaning it would offer the same mobile payments that Android, Apple and Samsung currently offer.
Alongside the payment feature, there is a reference to “secret conversations”, ending unfortunately at just a reference. Initial speculation states this could be a way to hide conversations within the app or even a higher form of encryption that rival apps like WhatsApp offer. The latter would make sense given the current global focus on information security and privacy.
With code further referencing syncing calendars and selective streaming of news feed statuses to groups of friends, the ability to organise and control who sees what could see the app become a go-to for organising your day-to-day life. With no official word yet we have to take these with a pinch of salt, but the payment sending ability was hinted at in a similar fashion months before Facebook officially announced it.
Would you store your payment details on Facebook? How about organising your everyday life with Facebook’s calendars?
The DIY Echo can be made using a cheap USB microphone, speaker and several other easy-to-obtain parts. The code is shared on GitHub and was posted by Amit Jotwani, Amazon’s senior evangelist for Alexa. It’s his job to help developers and tinkerers. This in turn generates interest from a technical perspective, and all of a sudden millions of people are tweaking code, modding parts and making some really nice inventions with the Pi and Amazon’s software.
It would take some basic technical knowledge to assemble the Echo and make it work via the Raspberry Pi. However, the guides are very good and it should be fairly easy for the average Joe to make. The Echo is now on sale for $180; it hasn’t been released in the UK as of yet. There is one downside to running it off the Raspberry Pi, though: you can’t wake it up by saying “Alexa”, and to run a voice command you have to press a button.
Call of Duty is one of the biggest franchises in the gaming world, with releases year after year from no fewer than 3 developers now. With so many games, it comes as no surprise that their modding community is quite active as well, bringing new maps and options to gamers all over. One modder seems to have caught the developers’ eye, resulting in claims that Activision is harassing a modder over some of his content.
In the Reddit post, moderator and modder TheReal_DF (DecrypterFixer) explains how much of a fan he has been, especially of the zombie survival mode, recalling everything from his average of wave 45 in that mode to how he got into the game mode only to then discover the mysteries of Easter eggs within the game. Being interested in programming, TheReal_DF decided to have a look and see how the game (Black Ops 1) worked.
TheReal_DF even says that the game helped him get better at reading assembly language, a skill which eventually got him his dream job. That’s where the post goes south, describing the game as something that no longer represents what he “loved”.
In a follow-up post by chefslapchop, it’s revealed that “Activision has been harassing him legally for him exposing the annals of their micro transactions and creating offline mods”. If this isn’t clear, he then goes on to point out that in particular Activision dislikes that TheReal_DF has been “trying to find the exact odds of supply drops so people know what they’re spending money on”.
So a community loses a great person, a modder, all thanks to a company “harassing” him over offline content (not even stuff that affects people online, unlike the many hackers that exploit the game) and the fact that he wants to help people understand and make better decisions in the game.
Do you agree with this? Whose side are you on? Is Activision right to be upset that someone is looking at and learning from their work, or should we all have the right to learn and enjoy games without the companies that create them trying to bully and scare us from their communities?
As people create more and more complex programs, they often rely on code written by others in modules or tools. In this case, the module was titled left-pad and was taken down by its creator, Azer Koçulu, after lawyers representing the instant messaging app Kik targeted one of Koçulu’s many modules for having the same name. While this wouldn’t cause problems for many, left-pad, whose sole purpose is to pad the left-hand side of strings (or sentences) with zeroes or spaces, is used in projects like Node and Babel, popular pieces of work that are used in many other projects themselves.
With left-pad removed from NPM (a package manager that helps developers organise their use of other modules or packages), the projects suddenly found themselves unable to retrieve the code, ultimately falling over in style. With just under 2.5 million downloads in the last month alone according to NPM, you can tell just how many projects could have been broken by a single action.
In order to solve this problem Laurie Voss, CTO and co-founder of NPM took a step that many consider unprecedented and republished the previously removed left-pad 0.0.3. This action was apparently prompted by the new owner and allowed Voss to end the day knowing that he was “sleeping fine tonight”.
Flash has long been at the heart of a debate over usability and security. The media player has long been used for everything from YouTube to online games, but it has often been hit by problems, with even the fixes containing problems. As a result, people are being told to avoid using the tool and instead use HTML5, and it seems like we have yet another reason to listen given the latest patch to try to fix a code-execution bug.
By code-execution bug, we mean that it would be possible to execute code remotely, meaning an attacker could quickly perform actions without your knowledge or say-so. This exploit is a rather large one, enabling a whole host of problems from the get-go, unlike others that have specific purposes or problems.
The zero-day vulnerability was found by Anton Ivanov, a member of Kaspersky Lab, and was credited as such. Kaspersky Lab researchers have been observing the vulnerability and had seen it used in “a very limited number of targeted attacks”.
With so many vulnerabilities, it comes as no surprise that people are trying to steer away from using Flash. We recommend that if you don’t actively use the tool you remove it from your system, something that could only improve your security given Flash’s checkered past. If you do use Flash, then we recommend that you update it now and make sure that you keep checking for security patches.
Last year the US Internal Revenue Service revealed that they had been hacked. At first they said that up to 100,000 people were affected by the hack, only to then bump that up to 334,000 in August. The latest figures put that closer to 724,000, and it is set to only get worse as it seems they have been hacked yet again.
When filing a tax return you are now required to provide the “Identity protection PIN” that you are given by the IRS. These are specific codes given to people to place on tax returns; failure to do so invalidates the tax return and the IRS will reject it. Sounds like a good idea, doesn’t it? So what happens when the IRS’s record of these secret PINs is hacked?
Becky Wittrock, an accountant in South Dakota, went to file her tax return this year only to find that the PIN had already been used to file a “large refund request” more than three weeks prior. How did the hackers get access to the PIN? It seems that if you lose your PIN you can retrieve it by logging into the IRS website. This is where the problem lies, as the technology used to secure this login process is the same technology that was breached last year.
That’s right, in order to protect people from a hack the IRS used the same technology that was breached by that hack. In order to retrieve your PIN you were asked questions (known as KBA or knowledge-based authentication) such as “on which of the following streets have you lived?” and other multiple choice questions, a system that allowed a hacker to answer the questions correctly.
Seems like a big mistake for the IRS to make, costing both the government and hard working people time, money and stress because they didn’t check that their fix didn’t use the very thing that got them into trouble in the first place.
I still remember the old Nokia 3310, the indestructible brick. I would steal it off my family and load up the only game worth playing. Snake, the classic tale of food and growth, was all the hit back in the day and even with its evolutions, from being able to travel from one side of the map to the other to including powerups, the classics are sometimes the best. So why not play it on your keyboard?
Created by the YouTuber Mythic Maniac, the colourful version of Snake, played using only a Corsair K70 keyboard, was written in C# and is publicly available. Available to download from the code repository site GitHub, it is noted that while it was only tested and used on a Corsair K70, “there’s a high possibility of it working with others as well”.
With everything you need to download, install and play the game, I can see many hours fading away as we get used to the new and colourful version of Snake. Be warned: if you are after “good code”, you may want to be wary of the warning posted on the GitHub page:
“I never intended to release this at all, so the source might have some silly things lying all over the place.
If you choose to clone this and use for your own purposes, you might want to clean this up a bit.”
So will you be downloading and playing Snake on your keyboard? Who can get the highest score? Tell us yours in the comments below.
In a post titled “Advancing the Security of Juniper Products”, Juniper states that Dual_EC and ANSI X9.31 will be replaced with a different number generator, one that is used in other products. Dual_EC is the component that is considered flawed and therefore the greatest security risk, even though it was only added to the software a year after the issues were publicly revealed.
This action comes as part of a “detailed investigation” of their software’s code, resulting in patches and the removal of “unauthorized code”. While these actions are welcome, the question remains as to why this all started. Where did the “unauthorized code” come from? And if Stephen Checkoway, a computer science lecturer from the University of Illinois in Chicago, is correct, the addition of Dual_EC actually reduced the security of Juniper’s software, making it easier to access through a backdoor.
Cyber security and the integrity of applications are essential for consumers to have confidence that their details will be kept safe and not intercepted by a third party. Well-known internet hardware company Juniper Networks has issued a warning concerning a discovery it has made within its firewall software, which could have led to a third party being able to decrypt data sent through an encrypted VPN (Virtual Private Network).
During a recent internal code review, it was discovered that “unauthorised code” had somehow made its way into Juniper’s ScreenOS software. It’s interesting to note that many ISPs (Internet Service Providers) and large firms use the company’s routers and network switches. The vulnerability could have allowed a third party, or a “knowledgeable attacker” as the company refers to the threat (who could be a 12-year-old for all we know), to gain administrative access to NetScreen devices and to decrypt VPN connections.
The unwanted slice of extra code has been present within different versions of ScreenOS since 2012. Juniper has confirmed that it is not aware of, and has not received any reports of, the vulnerabilities being exploited, and urges everyone running the affected devices to quickly apply the released patches with the aim of stripping the unauthorised code out of its firewall software ASAP.
It’s a serious breach and questions will surely be asked concerning how the code managed to make its way into the software.
Apple is known for a wide variety of things, from their phones and tablets to their business practices with other companies and their own employees. Craig Federighi, one of Apple’s executives, wants them to be known for something else, something that he hopes will be the start of something amazing. Stating that he wanted to “set off a spark”, Apple is looking to turn their stores around the world into temporary classrooms in order to support the “Hour Of Code” programme worldwide.
The Hour of Code is designed as an introduction to programming, not only for learning the act of programming but for developing the mindset of logically finding a solution to a problem. By supporting the scheme, which is known around the world and backed by people such as David Cameron, Bill Gates and Barack Obama, and even large companies such as Google, Facebook and Amazon, Apple hopes that together the idea of a solitary computer programmer could be proved wrong and more people can be encouraged to look into the activity.
If you’re interested in the scheme you can find more information here, while the Hour of Code website provides year round tutorials and support for several programming languages.
If you’re not interested, please take a few minutes to watch the video below and consider what you could be capable of.
As Christmas season approaches, it’s vital to find the best deals on technology, video games and other essential presents before the chaotic rush begins. Shopping online around the holiday period is usually stress-free and allows you to purchase items at a significant discount. For one day only, eBay is launching a promotion for UK buyers and offering 20% off any item over £20. However, on more expensive items, the highest discount offered is £50. This is still an excellent promotion though as eBay has a wide range of products from leading companies.
To access the promotional code, all you have to do is ‘Like’ eBay’s Facebook page, then apply the discount during checkout. Please note, purchases apply to any item via bidding or Buy-It-Now listings and you have to pay using PayPal. If you’re not overly fond of Facebook, then the code should be displayed on this thread. In terms of technology, the discount allows you to purchase CPU coolers, RAM and GPUs at a price which could be below the retailer cost value. Remember that eBay is taking the loss on 20% and not the retailer. In theory, the deal means it’s relatively easy to pick up an Xbox One around the £200 mark, or high-end items like the Swiftech H220-X for approximately £130.
Whatever your specific needs are, this promotion could be the best chance to pick up technology at rock-bottom prices. As always, check the user’s feedback and I would recommend you purchase items from leading sellers like Scan, ShopTo and others!
WinRAR has a base of some 500 million users worldwide, and those same users might want to take a look at a new zero-day vulnerability which has been detected within the newest version of the software. According to Mohammad Reza Espargham, a security researcher at Vulnerability – Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to a “remote code execution (RCE) flaw”. Let’s digest this flaw by breaking it down and having a closer look.
The vulnerability is exploited by an attacker inserting malicious HTML code inside the “Text to display in SFX window” section when creating a new SFX file. Below is a video which shows a test that proves the existence of this flaw, albeit in a controlled environment.
The annoying flaw with SFX files is that they will start running the moment a user clicks on them; therefore, consumers cannot identify or verify whether the compressed .exe file is a genuine WinRAR module or a malicious one. As of writing, a patch has yet to be released for this flaw, and Windows users are advised to refrain from clicking on any files from unknown sources. If you wish to protect yourself further, then by all means use an alternative archiving product or use strict authentication methods to secure your system.
The knock on effect of any exploit can be harmful to users, especially when a product has a consumer base which is substantial in size.
Cyber attacks are an increasing and dangerous threat perpetrated by groups and countries alike. These attacks are a substantial threat to free speech, the livelihoods of website operators and the whole infrastructure of the Internet. It’s no surprise to learn that a huge DDoS attack against a target website resulted in 650,000 devices being unwittingly enrolled into a giant cyber attack which overwhelmed its target.
And where did this attack originate from? That’s right, our friends over at the democracy-suppressing Truman Show style country that is China. The attack transmitted a staggering 4.5 billion separate requests for data in one day to the target destination. Below is an image which analyses the log timeframe of HTTP requests per hour, as you can see, requests for data ramped up dramatically within only a relatively small period of time before dissipating.
Since the attack had been levelled at a client of US company CloudFlare, they were able to “write a dedicated script and were able to further analyze 17M log lines, about 0.4% of the total requests”. They found that 99.8% of the flood was originating from China while 0.2% was labelled as “Other”. They were also able to determine that 80% of the requests came from mobile devices.
Think of this speculated but plausible scenario like this: while a user was browsing the Internet or using an app, he or she was served an iframe which contained an advertisement. This ad had been requested from an ad network, which then forwarded the request to a third party that won the ad auction. Either the third party was the “attack page” or it forwarded the user to an attack page; either way, the user was served a page containing malicious JavaScript, which then launched a flood of XHR requests against CloudFlare servers.
CloudFlare has declined to name the company which had its server attacked but is warning against future cyber attacks with the same level of intensity. It’s a worrying trend which has many outlets, including the Darth Vader weapon of choice, “The Great Cannon”. This also does no favours for the long-established technique of serving ads to consumers via the Internet: if advertisements are increasingly being injected with malicious code, consumers are going to use extensions to block them.
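The kind of log breakdown described above (requests per hour, share by country, share from mobile browsers) can be reproduced on a small scale. This is an added example, not CloudFlare's script: the tab-separated record layout, the dates, the `.example` hostnames, the User-Agent heuristic and the spike factor are all assumptions made for illustration.

```python
"""Summarise an HTTP flood from access-log records (added example)."""
from collections import Counter
from statistics import median
from urllib.parse import urlsplit

MOBILE_MARKERS = ("Mobile", "Android", "iPhone")  # crude User-Agent heuristic


def sample_log():
    """Constructed records: time<TAB>country<TAB>Referer<TAB>User-Agent."""
    desktop = "Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"
    mobile = "Mozilla/5.0 (Linux; Android 5.0) Mobile Safari/537.36"
    lines = [
        f"2015-09-01T09:12:03Z\tUS\t-\t{desktop}",
        f"2015-09-01T10:40:10Z\tDE\thttps://news.example/\t{desktop}",
        f"2015-09-01T11:05:44Z\tCN\t-\t{mobile}",
    ]
    # Flood hour: eight requests sharing one Referer, seven from mobile browsers.
    for i in range(8):
        agent = desktop if i == 7 else mobile
        lines.append(
            f"2015-09-01T12:00:{i:02d}Z\tCN\thttp://attack.example/ad.html\t{agent}"
        )
    return lines


def parse(line):
    """Split one record into the fields the summary needs."""
    ts, country, referer, agent = line.rstrip("\n").split("\t", 3)
    host = urlsplit(referer).hostname if referer != "-" else None
    return {
        "hour": ts[:13],  # e.g. 2015-09-01T12
        "country": country,
        "referer_host": host,
        "mobile": any(marker in agent for marker in MOBILE_MARKERS),
    }


def summarise(lines, spike_factor=3):
    """Hourly counts, spike hours, country and mobile share, top Referer host."""
    records = [parse(line) for line in lines if line.strip()]
    if not records:
        raise ValueError("no log records to summarise")
    total = len(records)
    per_hour = Counter(r["hour"] for r in records)
    countries = Counter(r["country"] for r in records)
    referers = Counter(r["referer_host"] for r in records if r["referer_host"])
    # An hour is a spike when it exceeds spike_factor times the median hour.
    baseline = median(per_hour.values())
    return {
        "total": total,
        "per_hour": dict(per_hour),
        "spike_hours": sorted(
            hour for hour, n in per_hour.items() if n > spike_factor * baseline
        ),
        "country_share": {c: n / total for c, n in countries.items()},
        "mobile_share": sum(r["mobile"] for r in records) / total,
        "top_referer": referers.most_common(1)[0] if referers else None,
    }


if __name__ == "__main__":
    for key, value in summarise(sample_log()).items():
        print(f"{key}: {value}")
```

A single Referer host dominating the spike hour is the signal that points back at a page driving browsers to make the requests, which is the scenario the article describes.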
The Internet connects the world and is seen as a necessity and therefore a human right by powerful individuals, what countries want you to see on the net, well, that’s a whole different ball game.
A downside of technical innovation lies in the unfortunate ability to hack devices with the aim of stealing information and scamming consumers out of their savings. ATMs are not immune to this threat, and a new breed of malware allows an attacker to drain the ATM’s cash vault before erasing the evidence.
The malware in question is dubbed “Green Dispenser” and it displays an out-of-service message on the ATM. All is not well, however, as attackers with access to the correct PIN codes can then drain the ATM’s cash vault and erase Green Dispenser using a deep delete process, leaving little if any trace of how the ATM was robbed. Let’s take a look at the deployment and operation process of this greedy piece of malware.
Deployment and Operation
The only way this malware can be installed is via physical access to the machine, so it is not possible to simply walk up to an ATM which is situated in a shop or sunk into a bank wall and attempt to install such code. This raises the possibility of a compromised employee with access to said machines. Green Dispenser has the ability to target “ATM hardware from multiple vendors using the XFS standard. It achieves this by querying for peripheral names from the registry hive before defaulting to hardcoded peripheral names”.
The run date coded into the malware requires the year to be 2015 with the month being earlier than September. This suggests to analysts that Green Dispenser was employed in a limited operation and designed to deactivate itself to avoid detection. A second measure which the attackers have implemented with the aim of hiding their activities lies in the authentication, which uses a hardcoded PIN followed by a second PIN which this time is dynamic.
It is believed the attacker in question derives this second PIN from a QR code which is displayed on the screen of the infected ATM and is then read by an application on a smartphone. Think of this as similar to logging into your favourite website: you input a password before using a second, two-factor authentication method to unlock your account. Implementing this method makes it more secure, so that only the person in question can use the malware, provided they have the correct authentication.
Once the malware is run, it attempts to verify that the month is earlier than September and the current year is 2015; if it finds the year to be, say, 2014, it simply shuts down. If the details are correct, Green Dispenser “creates a second desktop environment on the ATM called ‘dDispW’ and creates a window in the second desktop called ‘Dispenser’”. This is with the aim of overlaying an “Out Of Order” message on the ATM screen; it is worth noting that the message has appeared in Spanish as well as English.
Below is the QR code screenshot. “If the dispense cash option is selected, Green Dispenser attempts to query the registry location ‘HKEY_USERS\.DEFAULT\XFS\LOGICAL_SERVICES\class=CDM’ to find the peripheral name for the cash dispenser. If not found, it defaults to ‘CurrencyDispener1’ which is the cash dispenser peripheral name on specific ATMs. It then makes a call to WFSExecute with the command set to ‘WFS_CMD_CDM_DISPENSE’ and a timeout of 12000 to dispense cash”.
As you can see, it’s a complex piece of malware which aims to offer the option to take as much money as you would like, which is good. (Disclaimer – please don’t take as much money as you want; it may sound good but it is not.) Manufacturers and banks would need to work together to counteract these threats with updated modern security upgrades; if not, expect these methods to become a standard in attacks against machines.
Thank you Proofpoint for providing us with this information.
Some games’ secrets are easy to find; others are so far buried, it’s amazing anyone found them at all! The latter is especially true for players of SOMA, who have discovered that shoving a plastic toy into the toilet and flushing it, within the game of course, causes a set of numbers to appear on screen. But what does this mean?
If you find enough of these extremely obscurely hidden codes around the game, you can use them as the password for a file called _supersecrets.rar in the game’s installation directory. Unfortunately, these codes were so well hidden that it was only through analysing the game’s files for strings of code that a user was able to uncover them all!
“Knowing two of the Code locations, I opened the laboratory map and checked that ceiling. Voila, an Area-Trigger having a Collision Callback. It took me a while till I found out where those callbacks are handled. But once I found the place I was shocked. Only 1 line of code, no hint at the part of the password. Keeping that in mind I opened the Apartment map and looked at the toilet. Luckily again an Area-Trigger. Knowing it should be triggered by the Figure on the Table, I looked for the corresponding code in the script. Again no hint at the Password in there. But then it hit me. Both had a strangely named cLux_ command in there. So I removed the suspected command in the toilet script and tried draining the figure. Jackpot! The code went missing.”
The user managed to crack the code and discovered just what lurks inside: a kind of “in the making” collection of files about the game’s development, some early screenshots and a few other goodies. Nothing major, but credit to the developers for making it a bit of a wild adventure to discover them.
Hackers are portrayed by the media and in films as master geniuses who are able to hack into protected systems with the intention of stealing a vast array of information. There is some truth in this assertion, considering even multinational companies have been caught napping by cyber thieves. But what happens if, I don’t know, a tech firm accidentally publishes its private signing keys? Well, D-Link has managed to do this in what is known scientifically as stupididiotness.
Taiwan-based networking equipment manufacturer D-Link has published its private code signing keys inside the company’s open source firmware packages. This was spotted by a user with the username “bartvbl”, who had bought a D-Link DCS-5020L security camera and downloaded the firmware from D-Link, which open-sources its firmware under the GPL license.
All seemed well for “bartvbl” until they inspected the source code, only to find four private keys which are used for code signing. To test this, the user created a Windows application and was able to sign it with one of the four keys, which appeared to be valid. Not only this, the user also discovered the pass-phrases which are needed to sign the software.
It is as yet unclear if any of these keys were used in attacks by malicious third parties. Meanwhile, D-Link has seen the light and has responded to this embarrassment by revoking the certificate in question and subsequently releasing a new version which does not contain any code signing keys, which is good.
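A release-time check for the mistake described above, as an added example that is not D-Link's or bartvbl's code: it walks a source tree before publication and reports PEM private keys, key-store files and literal pass-phrases. The file names, the extension list and the pass-phrase pattern are assumptions, and the sample tree is constructed with dummy contents.

```python
"""Pre-release scan of a source tree for code-signing secrets (added example)."""
import os
import re
import tempfile

# PEM armour for private keys: RSA, EC, DSA, PKCS#8, ENCRYPTED, OPENSSH.
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Binary key-store containers often used to hold signing certificates and keys.
KEYSTORE_EXTS = {".pfx", ".p12", ".pvk", ".jks"}
# A literal value assigned to something named like a password or pass-phrase.
PASSPHRASE = re.compile(
    rb"(?i)(?:pass(?:word|phrase)|storepass|keypass)\w*\s*[=:]\s*[\"']?([^\s\"']+)"
)
MAX_BYTES = 5 * 1024 * 1024  # read cap per file


def scan_file(path):
    """Return (kind, line_number) findings for one file; line 0 means whole file."""
    findings = []
    if os.path.splitext(path)[1].lower() in KEYSTORE_EXTS:
        findings.append(("keystore-file", 0))
    with open(path, "rb") as fh:
        data = fh.read(MAX_BYTES)
    for lineno, line in enumerate(data.splitlines(), start=1):
        if PEM_PRIVATE.search(line):
            findings.append(("pem-private-key", lineno))
        match = PASSPHRASE.search(line)
        # A reference to an environment variable ($VAR, %VAR%) is not a leak.
        if match and not match.group(1).startswith((b"$", b"%")):
            findings.append(("passphrase-literal", lineno))
    return findings


def scan_tree(root):
    """Scan every file under root (skipping .git) and return sorted findings."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            results.extend((rel, kind, line) for kind, line in scan_file(full))
    return sorted(results)


def build_sample_tree(root):
    """Write a constructed release tree; the key bodies are dummy text, not keys."""
    files = {
        "src/main.c": b"int main(void) { return 0; }\n",
        "docs/pubkey.pem": b"-----BEGIN PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n"
                           b"-----END PUBLIC KEY-----\n",
        "tools/sign/codesign.pem": b"-----BEGIN RSA PRIVATE KEY-----\n"
                                   b"Q09OU1RSVUNURUQ=\n"
                                   b"-----END RSA PRIVATE KEY-----\n",
        "tools/sign/release.pfx": b"\x30\x82\x00\x10constructed-bytes",
        "tools/sign/sign.bat": b"set CERT_PASSPHRASE=constructed-example\r\n",
        "tools/sign/ci.sh": b'export KEY_PASSWORD="$SIGNING_PASSWORD"\n',
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind, line in scan_tree(tmp):
            print(f"{rel}:{line}: {kind}")
```

Run as a gate in the packaging job, any finding should fail the release; a key that has already shipped still has to be revoked, as D-Link did, because removing it from the next archive does not recall the copies already downloaded.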
Thank you tweakers via Google Translate for providing us with this information.
Mozilla got word this Wednesday that a severe Firefox 0day vulnerability was being exploited by an ad on a Russian website. Although the company was swift in delivering a fix, they are now urging users to check that they are running version 39.0.3 or later to prevent hackers from gaining access to their sensitive data.
Security specialists found that the exploit mainly targeted developer-focused content, though it was released to the general audience. However, the attack seems pretty neat because it can reach a large audience on the website but only have data transferred from browsers with significant relevance. The guys looking into the hack found that it did not leave any traces behind, which means that even experienced users may be unaware of whether they have been the victim of a hack or not.
Though the hack affected only Windows and Linux systems, Mac users should also be on guard, since the hack can also be modified to target Mac OS.
When talking about robots and self-awareness, I think most people would just freak out, but there are some people who would be extremely excited and interested about these things. But I don’t think freaking out would be the case here, even though a robot just passed the first self-awareness test ever.
The guys over at Rensselaer Polytechnic Institute in New York are said to have built three robots which were put to the so-called “wise men puzzle” test. The original test involved a fictional king, who in order to choose his next advisor, invites three of the land’s wisest men to a contest. He then puts either a blue or white hat on their head and tells them that the first to stand up and tell the colour of their own hat will become his new advisor.
The same logic has been implemented with the three robots here too. Two of them were stripped of their ability to talk, then all three were asked to tell which one was still able to speak. All of them then proceeded to say ‘I don’t know’, but surprisingly, the one who heard its voice became aware of its ability to still speak and added ‘Sorry, I know now!’.
The above may seem trivial to us as humans, but bear in mind that robots are programmed to do what we ‘tell’ them to do, so up until now, all robots we’ve seen doing this were doing them because we systematically told them what to do. To see a robot recognising its own voice and distinguishing it from other human voices is a big step forward for AI.
To be noted here is that all three robots were coded in the same way, so we can see a bit of the machine learning technique in place here. While the other two did not see any signs of self-awareness and ‘thinking’, the third one was able to tell and learn the difference. This means that the third robot was able to learn some differences in behaviour, using the base code to ‘deduce’ what the others could not.
It’s really interesting and I admit, it may be a bit scary too. But in the end, complex AI are bound to be invented sooner or later, so we may see the first big step here. Also, if you’re interested in seeing the robot for yourself, you should know that it will be displayed at the RO-MAN conference in Japan between the 31st of August and the 4th of September.
Thank you TechRadar for providing us with this information
We’ve seen a lot of projects and methods involving machine learning up until now, but the truth is that no matter how efficient and quick a computer is, the software will always be its limit. However, Microsoft plans to change that and is working on a new tool that would allow you to teach computers new things.
There is a lot of information about the project and tool on Microsoft’s website, but let’s get straight to what the Microsoft Research team wants to do. Take a jigsaw puzzle for example, where every piece of it fits somewhere and contributes to the big picture once complete. This seems to be the approach Microsoft hopes people will take, where each jigsaw puzzle piece is created by someone knowledgeable in his or her field. This means that a doctor can teach a computer how to search for specific patient details in a database, while a chef can teach it how to make the best dish according to a recipe.
However, to get a lot of people from different fields together in this project, Microsoft also needs to make the tool as simple and understandable as possible. This means that Microsoft is looking for a way to make the tool more autonomous and offer a simple and understandable user interface. I mean, developers know how to use such tools, but they can’t expect a doctor to know how to use a complex development tool.
The tool, named Language Understanding Intelligent Service or LUIS for short, is part of the Oxford Project. Though it still is in its early stages, it may prove to be a strong and useful tool for complex AI development. You can view more details about the project over at Microsoft’s Blog. The tool can also be found over at its website here, but you will need to get an invitation first to try it out.
A whole new level of what is achievable can be explored when Science and Tech meet; this time around, the geniuses at MIT have developed a way to fix bugs in source code by using a system that imports functionality from other programs.
The system is called CodePhage, and it works by analysing an application’s execution in order to characterize the types of security checks it performs. As a result, the system can import checks from applications written in programming languages that differ from the one in which the program it’s repairing was written.
Once the fix has been imported, CodePhage offers a further layer of analysis which guarantees that the bug has been repaired. If this was not impressive enough, the system was tested on seven common open-source programs which were identified as having bugs. CodePhage was able to patch the vulnerable code, with the time per repair estimated at between two and 10 minutes.
The ability to borrow code from one application in order to fix another could be revolutionary, and the time it takes in testing is phenomenal. Further experimentation and development is required, but it’s certainly an impressive start with the potential for wide-ranging real-world applications.
Thank You MIT for providing us with this information
Working on a project is difficult, working on a project with multiple people is difficult, working on a project with multiple people, in multiple locations and with multiple devices is difficult. What I’m saying is that working on something is difficult; anyone that’s ever programmed can attest to this. People often use things like GitHub, Microsoft’s Azure cloud or Amazon’s web service to keep their work up to date. This means that if you (or a friend) made a change to your work, everyone would have access to the newly created work without any difficulty.
Google is going to try to become a part of this market with the announcement of its latest service, Cloud Source Repositories. The service is currently in beta and hopes to become a go-to for group projects and people who enjoy coding. In its description, Google has stated that it will have a private Git repository, which will not only integrate and work with a majority of the existing tools but will also feature a high level of encryption, making sure that your files are secure and for your eyes only. With access to the Google Cloud Platform, and later in the year a new API launcher and a new cloud debugger, the system looks to provide you with all the tools you take for granted while guaranteeing you access to Google’s knowledge and support for your projects.
Do you use a cloud repository for your work? If so would you be tempted to try out Google’s new service or are you happy with your current one?
Thank you TechSpot for providing us with this information.
You are probably wondering why we hear that legacy flaws are still present in new software. Well, the answer is simple. Developers have a habit of reusing old code for most of their projects and the code is not reviewed for all potential flaws, but rather the approach tends to be similar to the slang ‘if it works, then don’t try to fix it’.
This does not mean that developers are lazy. The approach is favoured even by top-notch programmers because of the tight deadlines they have to meet, so time will always be above everything else when shipping new software.
However, this comes at a hefty price. While we hear of many hacking incidents, only a few of them are complex enough to break even the most impenetrable systems. Most of them were done by exploiting the already ‘implanted’ flaws in all software products. Everything except the operating systems can be deemed ‘hackable’ by most people with some knowledge of hacking.
The flaws go so deep that even some government departments are at high risk. Security analysts found out that some software in government departments is still based on older programming languages. But is this the future of programming? Of course not.
Security analysts in the field say that the problems with legacy flaws may likely increase, but they don’t have to. The real problem is that, by focusing exclusively on shoving new software on the market, companies forget about security completely. A better approach here is to split project development into two major components, development and testing, which could work in parallel. This way, a lot of bugs could be fixed and major security bugs flagged before the software hits the market.
Thank you CNET for providing us with this information
Google just made some of its cloud computing software broadly available. Since there is more demand for services that let you work with applications packaged in containers, Google pushed its Container Engine from alpha into beta. Also, the Container Registry service that stores Docker container images has been made widely available.
Up until now, a lot of businesses relied on virtual machines to run a variety of applications. But times and tech are changing, so a better alternative to traditional virtual machines was bound to crop up sooner or later. This is why Google and other cloud storage providers are now interested in packaged apps running on cloud services.
The Google Container Engine is said to run on Kubernetes open-source container management software, having the ability to deploy containers on a variety of public cloud services. There have been a few major tweaks done since it was in alpha and now Google is only focusing on updating the Kubernetes code rather than the whole engine once new patches roll out. Also, debugging is said to be as easy as ticking a checkbox, so developers will be able to easily identify and fix issues that might occur.
In terms of pricing, Google offers its Cloud Engine for only $0.15 per hour for standard clusters with up to 100 virtual machines and managed uptime. The basic clusters will stay the same, but users will be able to have only up to 5 virtual machines and no managed uptime.
Thank you VentureBeat for providing us with this information
Super Mario World is a classic game, one that many have played in one form or another. One person has taken this game to the next level by making a program that can learn to play this game, all by itself.
MarI/O is a program made of neural networks and genetic algorithms that kicks butt at Super Mario World, at least that is the official description of the video. The author was kind enough to provide the source code as well, so you are even able to run this yourself – that is if you want to. The video in itself already shows the important parts of it, but for coders it might be extra interesting. The video has voice over where the author explains how it all works and it is actually quite interesting.
It took about 40 minutes for the algorithm to work out how to beat the level the best way.
Now this automated learning algorithm probably won’t spawn terminators, but rather give us a great view into how we ourselves as humans are built and how it all could be put together. Just at a much smaller and more simplistic level.
The emulator used was the BizHawk emulator with full rerecording support and Lua scripting.
Comex, the brains behind JailBreakMe and a former Apple Intern, has worked out a way to hack the Apple Watch to get a web browser to run on the device.
Comex has posted a short video demonstrating how he has been able to get the Google home page to render on the wrist-bound device. Apple, for obvious reasons, has not added Safari onto the device. The video does make it clear that navigating pages on such a tiny screen is near impossible.
More importantly though, the video lets us know that it is possible to get the Apple Watch to run 3rd party code, and possibly the first step to a full jailbreak? Comex has made no promises to release the details of the hack.
The fact that it brings up the copy|define option when he touches the screen gives an amusing insight into the OS on the Apple Watch. It is currently running Watch OS 1.0, which is a version of the popular iOS 8.2 with a custom front layer, called Carousel, to make it show the device’s UI.
Comex also shows the watch presenting the dictionary view on his Twitter feed.
Apple have stated that a native SDK is in the works, which will allow the rest of the development community to create more apps for the watch.
Thank you to 9to5mac for providing us with this information